DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-07 | CVE-2021-29641 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus. Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. | 8.8 |
2021-02-23 | CVE-2021-26594 | Improper Privilege Management vulnerability in Rangerstudio Directus. In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. | 8.8 |
2021-02-23 | CVE-2021-26593 | Information Exposure vulnerability in Rangerstudio Directus. In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. | 7.5 |
2019-07-19 | CVE-2019-13984 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API. Directus 7 API before 2.3.0 does not validate uploaded files. | 8.8 |
2019-07-19 | CVE-2019-13980 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API. In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | 8.8 |
2019-07-19 | CVE-2019-13979 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API. In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | 8.8 |